Decentralization is the lifeblood of Web3, but it also casts some shadows. Almost anyone can launch an attack against anyone else, which makes phishing transactions and fake signatures commonplace. This may not be a problem for degens who have been on-chain for years, since they can easily tell which transactions are problematic, but what about someone new to Web3? What's more, even people like Kevin Rose, founder of Moonbirds, and Arthur, founder of DeFiance Capital, have both fallen victim to multimillion-dollar attacks, so there is no guarantee that even veterans will always stay vigilant.
On its way to mass adoption, Web3 needs better "antivirus software." A Chrome extension called Stelo is trying to act as a firewall for Web3, protecting people from fraud and phishing.
Stelo currently supports Ethereum only and may expand to other EVM chains in the future, with three offerings at this stage: the Stelo Browser extension, the Stelo Developer Tool, and Approvals.xyz. The common core of its products is the Stelo Transaction Engine, which provides:
Simulated transactions - Simulates transactions and lets users know which assets are leaving and entering their wallets.
Enriched transaction information - Enriches transaction information with on-chain and off-chain data, such as a name for the transaction type that is easy for everyone to understand, and the name and price of the NFT collection the transaction contains.
Risk analysis - Analyzes transactions and flags risk factors to help protect users from fraud and phishing.
Web3 has many advantages, such as the ability for any developer to build a website that interacts with any contract. Developers can interact with Uniswap's pool or use OpenSea's NFT market contract without requesting permission. However, this also creates the risk that a site tells you it is doing one thing when the transaction is in fact doing something completely different. Knowing what a transaction really means often takes a lot of crypto-related knowledge, which raises the learning cost and the barrier to entry.
Stelo's Chrome extension was created for this purpose: it screens each transaction, acting as a firewall for the wallet, and translates complex transactions into easy-to-understand text so that users know what a transaction does before they go ahead with it.
In addition to on-chain transactions, off-chain signatures are becoming more common because they can save users gas fees, for example when approving tokens on a DEX, listing NFTs on a marketplace, or performing multi-contract interactions with Gnosis Safe. However, existing wallets reveal little useful information during the signing process, leaving users in the dark about the possible consequences of their signature, with many unaware that a single click could cost millions.
Stelo identifies the most common signature types and runs them through the Stelo Transaction Engine. In this way, Stelo converts the hard-to-read raw signature data into a readable form, so users can see what the signature is for and whether it is safe.
The figure above compares Stelo and MetaMask when they encounter a fake signature. Stelo identified the high degree of risk of this signature and listed two signals behind that judgment, while MetaMask simply displayed the raw signature data.
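To make the idea of turning a raw signature request into readable text plus risk signals concrete, here is an added example; it is not Stelo's code. It assumes the request is an EIP-2612 Permit (the off-chain form of a token approval) in the EIP-712 typed-data format; the signal names and the 30-day cutoff are assumptions made for illustration.

```javascript
// Added example, not Stelo's code. Signal names and thresholds are assumptions.
const UINT256_MAX = (1n << 256n) - 1n;
const LONG_LIVED_SECONDS = 30n * 86400n;  // assumed cutoff for a "long" deadline
const MAX_DATE_SECONDS = 8640000000000n;  // largest timestamp a JS Date can hold

// typed: the object a site passes to eth_signTypedData_v4; now: Unix seconds.
function summarizeTypedData(typed, now) {
  const { primaryType, domain = {}, message = {} } = typed;
  if (primaryType !== "Permit") {
    return { readable: `Unrecognized signature type "${primaryType}"`,
             signals: ["unrecognized-type"] };
  }
  let value, deadline;
  try {
    value = BigInt(message.value);       // EIP-2612 Permit fields:
    deadline = BigInt(message.deadline); // owner, spender, value, nonce, deadline
  } catch (err) {
    return { readable: "Permit with missing or non-numeric fields",
             signals: ["malformed-permit"] };
  }
  const signals = [];
  if (value === UINT256_MAX) signals.push("unlimited-amount");
  if (deadline - BigInt(now) > LONG_LIVED_SECONDS) signals.push("long-lived-deadline");
  const amount = value === UINT256_MAX ? "an unlimited amount" : `${value} base units`;
  const expiry = deadline > MAX_DATE_SECONDS
    ? "with no practical expiry"
    : `until ${new Date(Number(deadline) * 1000).toISOString()}`;
  return {
    readable: `Lets ${message.spender} spend ${amount} of ${domain.name} ` +
              `(${domain.verifyingContract}) held by ${message.owner}, ${expiry}`,
    signals,
  };
}

// Constructed sample payload; every address and name here is made up.
const NOW = 1700000000;
const samplePermit = {
  primaryType: "Permit",
  domain: { name: "ExampleToken", version: "1", chainId: 1,
            verifyingContract: "0x" + "11".repeat(20) },
  message: { owner: "0x" + "aa".repeat(20), spender: "0x" + "22".repeat(20),
             value: UINT256_MAX.toString(), nonce: 0, deadline: NOW + 365 * 86400 },
};
console.log(summarizeTypedData(samplePermit, NOW));
```

The token being approved is the domain's verifyingContract, not the website the request came from, which is why the summary names it explicitly.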
Stelo's vision is to make every transaction secure and easy to understand, even without Stelo installed. So they have two tools for developers: the Stelo API and Stelo Embed.
The Stelo API is designed to protect the transactions of any DApp or wallet, and provides the same transaction information display and risk analysis functions as the Stelo browser extension. With the Stelo API, developers can help their users understand each transaction and give them better security. Stelo Embed allows any DApp or wallet-connected product to embed Stelo's transaction window on its website and display security information directly there, which can improve users' confidence in the product.
Integrating Stelo Embed takes a matter of minutes; developers simply send the same transaction object they sent to the wallet, and Stelo Embed does the rest.
One of the biggest risk vectors in Web3 is Approve. Many of the most commonly used contracts, such as OpenSea and Uniswap, rely on a token Approve, which grants the right to transfer the user's assets and is required for trading tokens and listing NFTs.
To minimize the number of transactions and provide the simplest user experience, many DApps ask for a single Approve that lets them move the user's assets indefinitely. While this reduces the number of transactions, it poses a big security risk if the contract is attacked or if the user later signs something that moves those assets.
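The check below is an added example, not Stelo's code: it decodes the calldata of a transaction object and reports whether it is an ERC-20 approve or an NFT setApprovalForAll, who the spender is, and whether the grant is open-ended. The function name, result fields and sample addresses are assumptions made for illustration.

```javascript
// Added example, not Stelo's code. Standard 4-byte function selectors:
const APPROVE = "095ea7b3";              // ERC-20 approve(address,uint256)
const SET_APPROVAL_FOR_ALL = "a22cb465"; // ERC-721/1155 setApprovalForAll(address,bool)
const UINT256_MAX = (1n << 256n) - 1n;

// tx: the { to, data } object a site sends to the wallet.
function describeApproval(tx) {
  const data = String(tx.data || "").toLowerCase().replace(/^0x/, "");
  const selector = data.slice(0, 8);
  if (selector !== APPROVE && selector !== SET_APPROVAL_FOR_ALL) {
    return { kind: "not-an-approval" };
  }
  // Selector plus two 32-byte ABI words = 8 + 64 + 64 hex characters; the
  // address word must carry 12 zero bytes of left padding.
  if (!/^[0-9a-f]{136}$/.test(data) || !/^0{24}$/.test(data.slice(8, 32))) {
    return { kind: "malformed" };
  }
  const spender = "0x" + data.slice(32, 72);
  const value = BigInt("0x" + data.slice(72, 136));
  const base = { asset: tx.to, spender };
  // approve(spender, 0) and setApprovalForAll(operator, false) both revoke.
  if (value === 0n) return { ...base, kind: "revoke", unlimited: false };
  if (selector === SET_APPROVAL_FOR_ALL) {
    // Any approval here covers every token of the collection, with no expiry.
    return { ...base, kind: "approve-all-nfts", unlimited: true };
  }
  return { ...base, kind: "approve-erc20", amount: value.toString(),
           unlimited: value === UINT256_MAX };
}

// Constructed sample transactions; the addresses are made up.
const TOKEN = "0x" + "11".repeat(20);
const SPENDER = "0x" + "22".repeat(20);
const word = (hex) => hex.replace(/^0x/, "").padStart(64, "0");
const unlimitedTx = { to: TOKEN, data: "0x" + APPROVE + word(SPENDER) + "f".repeat(64) };
const revokeTx = { to: TOKEN, data: "0x" + APPROVE + word(SPENDER) + word("0") };
const nftTx = { to: TOKEN, data: "0x" + SET_APPROVAL_FOR_ALL + word(SPENDER) + word("1") };
for (const tx of [unlimitedTx, revokeTx, nftTx]) console.log(describeApproval(tx));
```

An exact match on 2^256 - 1 is the simplest test for an unlimited allowance; a fuller check would also compare the approved amount with the owner's balance.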
The Stelo extension and API protect users from malicious transactions and signatures, but approvals also need to be managed, so Stelo has launched Approvals.xyz. It lets users understand their approval history more intuitively and take action to make their wallets more secure. Approvals.xyz also has Stelo's transaction simulation, rich transaction information and transaction risk analysis capabilities.
After connecting a wallet, users can directly get suggestions on which approvals to revoke, learn their wallet's health score, and simulate a Revoke, all of which are implemented through Stelo Embed.
On February 17, 2023, Stelo announced the completion of a $6 million seed round led by a16z crypto. Other investors include First Round Capital, OpenSea Ventures, Chainforest, BoxGroup, Pear, Mischief, Homebrew, Louis Beryl, Sabrina Hahn, Dylan Field, Dan Romero, Gokul Rajaram, Lenny Rachitsky and other angel investors.
To access the Chrome App Store, click Add Stelo to Chrome at Stelolabs.com, then add Stelo to the Chrome browser.
A page will pop up automatically after the extension is added. Click Connect Wallet to connect the wallet. Currently, only MetaMask and Coinbase wallets are supported.
In order to familiarize users with Stelo functions and interfaces, a transaction test is performed after the wallet connection is complete, which requires clicking Reject to reject the transaction.
Stelo identifies the risk factors and shows where the risk is coming from. After rejecting the test transaction, Stelo can be used.
After Stelo is installed, whenever a transaction occurs, Stelo intercepts it and opens automatically before the transaction reaches the wallet. The following figure shows Stelo during a swap on Uniswap.
In addition to the most basic information, you can expand the view to see the total number of contract transactions, the number of transactions in the last 30 days, the deployment time, and the transactions.
Only after the user has read the information displayed by Stelo and clicked Continue will the transaction be sent to the wallet and the wallet's transaction window pop up.
In using Stelo, we found that its judgment of transactions and signatures is not perfect.
While Stelo notes that there are some risks associated with interacting with dYdX using a new wallet, it doesn't say where they come from.
The same is true for on-chain transactions after signature completion.
Stelo wants to bring secure and understandable transactions to every Web3 user. If its vision is realized, the barriers to entry to Web3 will once again be lowered and mass adoption of Web3 will accelerate. Currently, Stelo's product is not perfect, but with the support of giants such as a16z, OpenSea and First Round Capital, Stelo has a promising future.